threat-briefing

# Threat Briefing Generate a concise, actionable cybersecurity threat briefing. ## Briefing Structure ### Header ``` # Cybersecurity Threat Briefing **Date:** [today's date] **Period:** Last 24-48 hours | Last 7 days **Analyst:** [agent name] **TLP:** WHITE ``` ### Priority Alerts (if any) Active exploits or critical vulnerabilities requiring immediate action. Include: CVE ID, affected systems, exploitation status, patch availability. ### Top Stories (5-10 items) For each story: ``` ### [N]. [Headline] **Category:** Vulnerability | Ransomware | APT | Supply Chain | Policy | Tool Release **Relevance:** Higher-Ed | SMB | Enterprise | All **Summary:** [2-3 sentences] **Action Required:** [Yes/No] - [what to do if yes] **Source:** [URL] ``` ### Vulnerability Watch New CVEs with CVSS >= 7.0 relevant to common stacks: - Linux/Ubuntu - Windows Server - Network equipment (Cisco, Fortinet, Palo Alto) - Web frameworks (Node.js, Python, PHP) - Cloud services (AWS, Azure, GCP) ### Threat Actor Activity Any notable APT or criminal group activity in the reporting period. Map to MITRE ATT&CK where possible. ### Recommendations Prioritized action items for a small-to-mid security team: 1. [Highest priority action] 2. [Second priority] 3. [Third priority] ## Tailoring - For higher-ed: emphasize student data (FERPA), research IP, BYOD risks - For SMB: emphasize ransomware, business email compromise, supply chain - For SOC operators: emphasize detection rules, IOCs, hunting queries ## Sources to Reference Prefer: CISA KEV, NVD, BleepingComputer, The Record, Krebs on Security, Dark Reading, SecurityWeek, Mandiant/Google TAG, Microsoft MSRC